diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlAuthenticator.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlAuthenticator.java
index cd9affd674..b494847b1e 100755
--- a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlAuthenticator.java
+++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlAuthenticator.java
@@ -38,12 +38,16 @@ public abstract class SamlAuthenticator {
protected abstract void completeAuthentication(SamlSession samlSession);
- private SamlAuthenticationHandler createAuthenticationHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ protected SamlAuthenticationHandler createAuthenticationHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
if (EcpAuthenticationHandler.canHandle(facade)) {
return EcpAuthenticationHandler.create(facade, deployment, sessionStore);
}
// defaults to the web browser sso profile
+ return createBrowserHandler(facade, deployment, sessionStore);
+ }
+
+ protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
return WebBrowserSsoAuthenticationHandler.create(facade, deployment, sessionStore);
}
}
\ No newline at end of file
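Review bot: `createAuthenticationHandler` is widened from `private` to `protected`, although the only hook the adapters in this diff override is `createBrowserHandler`. Leaving it overridable lets a subclass skip the `EcpAuthenticationHandler.canHandle` dispatch altogether, so it could stay `private` unless an override is planned. The new `createBrowserHandler` has no Javadoc; something like `/** Returns the handler for the web browser SSO profile; adapters override this to choose between the SAML endpoint handler and the protected-resource handler. */` would document the extension point.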
diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlUtil.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlUtil.java
index d3d9a0f6eb..65b0fb5d89 100755
--- a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlUtil.java
+++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlUtil.java
@@ -2,6 +2,7 @@ package org.keycloak.adapters.saml;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.saml.BaseSAML2BindingBuilder;
+import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.w3c.dom.Document;
@@ -32,4 +33,41 @@ public class SamlUtil {
}
}
+ /**
+ * Gets a url to redirect to if there is an IDP initiated login. Looks for a redirectTo query param first, then looks
+ * in RelayState, if not in either defaults to context path.
+ *
+ * @param facade
+ * @param contextPath
+ * @param baseUri
+ * @return
+ */
+ public static String getRedirectTo(HttpFacade facade, String contextPath, String baseUri) {
+ String redirectTo = facade.getRequest().getQueryParamValue("redirectTo");
+ if (redirectTo != null && !redirectTo.isEmpty()) {
+ return buildRedirectTo(baseUri, redirectTo);
+ } else {
+ redirectTo = facade.getRequest().getFirstParam(GeneralConstants.RELAY_STATE);
+ if (redirectTo != null) {
+ int index = redirectTo.indexOf("redirectTo=");
+ if (index >= 0) {
+ String to = redirectTo.substring(index + "redirectTo=".length());
+ index = to.indexOf(';');
+ if (index >=0) {
+ to = to.substring(0, index);
+ }
+ return buildRedirectTo(baseUri, to);
+ }
+ }
+ if (contextPath.isEmpty()) baseUri += "/";
+ return baseUri;
+ }
+ }
+
+ private static String buildRedirectTo(String baseUri, String redirectTo) {
+ if (redirectTo.startsWith("/")) redirectTo = redirectTo.substring(1);
+ if (baseUri.endsWith("/")) baseUri = baseUri.substring(0, baseUri.length() - 1);
+ redirectTo = baseUri + "/" + redirectTo;
+ return redirectTo;
+ }
}
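Review bot: `buildRedirectTo` appends the request-supplied `redirectTo` value to `baseUri` without normalising it, so `..` segments or control characters taken from the query string or from RelayState end up in the redirect target. The fixed prefix keeps the host constant, but the path can still resolve outside the application's context path, and the `indexOf("redirectTo=")` match in `getRedirectTo` accepts the token anywhere inside RelayState. I would resolve the candidate, confirm it is still under `baseUri`, and fall back to the base otherwise; the fallback value below is a suggestion and should be matched to what callers expect. The Javadoc's `@param` and `@return` tags are empty and should say that `redirectTo` and RelayState are untrusted input.

```java
private static String buildRedirectTo(String baseUri, String redirectTo) {
    // … unchanged: strip the leading slash of redirectTo and the trailing slash of baseUri …
    try {
        // Collapse dot segments, then require the result to stay under the application base.
        String candidate = java.net.URI.create(baseUri + "/" + redirectTo).normalize().toString();
        if (candidate.startsWith(baseUri + "/")) {
            return candidate;
        }
    } catch (IllegalArgumentException e) {
        // unparseable input (spaces, control characters): use the base instead
    }
    return baseUri + "/";
}
```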
diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/BrowserHandler.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/BrowserHandler.java
new file mode 100755
index 0000000000..9008b999ff
--- /dev/null
+++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/BrowserHandler.java
@@ -0,0 +1,24 @@
+package org.keycloak.adapters.saml.profile.webbrowsersso;
+
+import org.keycloak.adapters.saml.OnSessionCreated;
+import org.keycloak.adapters.saml.SamlDeployment;
+import org.keycloak.adapters.saml.SamlSessionStore;
+import org.keycloak.adapters.saml.profile.SamlInvocationContext;
+import org.keycloak.adapters.spi.AuthOutcome;
+import org.keycloak.adapters.spi.HttpFacade;
+import org.keycloak.saml.common.constants.GeneralConstants;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class BrowserHandler extends WebBrowserSsoAuthenticationHandler {
+ public BrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ super(facade, deployment, sessionStore);
+ }
+
+ @Override
+ public AuthOutcome handle(OnSessionCreated onCreateSession) {
+ return doHandle(new SamlInvocationContext(null, null, null), onCreateSession);
+ }
+}
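Review bot: The three `null` arguments passed to `SamlInvocationContext` in `handle` are unexplained, and the `GeneralConstants` import is unused. Presumably they stand for the SAML request, the SAML response and the relay state that `SamlEndpoint` reads from the request, which would mean this handler never consumes a SAML message itself. A class comment such as `/** Handler for protected resources; it never reads SAMLRequest or SAMLResponse from the request, which are processed only by SamlEndpoint. */` would make that boundary explicit for the next maintainer.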
diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/SamlEndpoint.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/SamlEndpoint.java
new file mode 100755
index 0000000000..2debf47a7f
--- /dev/null
+++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/SamlEndpoint.java
@@ -0,0 +1,33 @@
+package org.keycloak.adapters.saml.profile.webbrowsersso;
+
+import org.keycloak.adapters.saml.OnSessionCreated;
+import org.keycloak.adapters.saml.SamlDeployment;
+import org.keycloak.adapters.saml.SamlSessionStore;
+import org.keycloak.adapters.saml.profile.SamlInvocationContext;
+import org.keycloak.adapters.spi.AuthOutcome;
+import org.keycloak.adapters.spi.HttpFacade;
+import org.keycloak.saml.common.constants.GeneralConstants;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class SamlEndpoint extends WebBrowserSsoAuthenticationHandler {
+ public SamlEndpoint(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ super(facade, deployment, sessionStore);
+ }
+
+ @Override
+ public AuthOutcome handle(OnSessionCreated onCreateSession) {
+ String samlRequest = facade.getRequest().getFirstParam(GeneralConstants.SAML_REQUEST_KEY);
+ String samlResponse = facade.getRequest().getFirstParam(GeneralConstants.SAML_RESPONSE_KEY);
+ String relayState = facade.getRequest().getFirstParam(GeneralConstants.RELAY_STATE);
+ if (samlRequest != null) {
+ return handleSamlRequest(samlRequest, relayState);
+ } else if (samlResponse != null) {
+ return handleSamlResponse(samlResponse, relayState, onCreateSession);
+ }
+ return AuthOutcome.NOT_ATTEMPTED;
+
+ }
+}
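Review bot: When a request carries both `SAMLRequest` and `SAMLResponse`, `handle` silently processes the request and drops the response, and nothing documents that precedence. Because this class is the single place where unsolicited SAML messages enter the adapter, it would be safer to treat that combination as malformed, for example `if (samlRequest != null && samlResponse != null) return AuthOutcome.FAILED;`, or at least to state the precedence in a comment. The class Javadoc carries only author and revision tags and should say that this handler serves the `/saml` endpoint.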
diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/WebBrowserSsoAuthenticationHandler.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/WebBrowserSsoAuthenticationHandler.java
old mode 100644
new mode 100755
index f3e98e5492..0a6700cb4a
--- a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/WebBrowserSsoAuthenticationHandler.java
+++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/webbrowsersso/WebBrowserSsoAuthenticationHandler.java
@@ -25,7 +25,7 @@ public class WebBrowserSsoAuthenticationHandler extends AbstractSamlAuthenticati
return new WebBrowserSsoAuthenticationHandler(facade, deployment, sessionStore);
}
- private WebBrowserSsoAuthenticationHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ WebBrowserSsoAuthenticationHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
super(facade, deployment, sessionStore);
}
diff --git a/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/AbstractSamlAuthenticator.java b/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/AbstractSamlAuthenticator.java
index 5028542766..1746ccb60c 100755
--- a/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/AbstractSamlAuthenticator.java
+++ b/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/AbstractSamlAuthenticator.java
@@ -13,6 +13,10 @@ import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.util.URIUtil;
import org.jboss.logging.Logger;
+import org.keycloak.adapters.saml.SamlSessionStore;
+import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint;
import org.keycloak.adapters.spi.AdapterSessionStore;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthOutcome;
@@ -234,16 +238,38 @@ public abstract class AbstractSamlAuthenticator extends LoginAuthenticator {
log.debug("*** deployment isn't configured return false");
return Authentication.UNAUTHENTICATED;
}
- if (!mandatory)
+ boolean isEndpoint = request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml");
+ if (!mandatory && !isEndpoint)
return new DeferredAuthentication(this);
JettySamlSessionStore tokenStore = getTokenStore(request, facade, deployment);
- SamlAuthenticator authenticator = new SamlAuthenticator(facade, deployment, tokenStore ) {
- @Override
- protected void completeAuthentication(SamlSession account) {
+ SamlAuthenticator authenticator = null;
+ if (isEndpoint) {
+ authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
+ @Override
+ protected void completeAuthentication(SamlSession account) {
- }
- };
+ }
+
+ @Override
+ protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ return new SamlEndpoint(facade, deployment, sessionStore);
+ }
+ };
+
+ } else {
+ authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
+ @Override
+ protected void completeAuthentication(SamlSession account) {
+
+ }
+
+ @Override
+ protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ return new BrowserHandler(facade, deployment, sessionStore);
+ }
+ };
+ }
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
if (facade.isEnded()) {
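Review bot: `isEndpoint` is computed with `endsWith("/saml")`, so any path whose last segment is `saml` (for example an application resource at `/reports/saml`) is routed to `SamlEndpoint` and, here, also skips the `!mandatory` deferral. If only the fixed endpoint is meant, compare the whole path: `String path = request.getRequestURI().substring(request.getContextPath().length());` followed by `boolean isEndpoint = "/saml".equals(path);`. The same suffix test appears in `SamlFilter` and `AbstractSamlAuthenticatorValve`, and in `AbstractSamlAuthMech` it is applied to `exchange.getRequestPath()` without removing the context path first. The two anonymous `SamlAuthenticator` subclasses differ only in the handler they return and could be one class taking a flag. The enclosing method starts and ends outside this hunk.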
diff --git a/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/JettySamlSessionStore.java b/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/JettySamlSessionStore.java
index 380066e36c..01280873f3 100755
--- a/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/JettySamlSessionStore.java
+++ b/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/JettySamlSessionStore.java
@@ -3,12 +3,14 @@ package org.keycloak.adapters.saml.jetty;
import org.eclipse.jetty.server.Request;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlDeployment;
+import org.keycloak.adapters.saml.SamlUtil;
import org.keycloak.adapters.spi.AdapterSessionStore;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.jetty.spi.JettyUserSessionManagement;
import org.keycloak.adapters.saml.SamlSession;
import org.keycloak.adapters.saml.SamlSessionStore;
+import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.dom.saml.v2.protocol.StatusType;
import javax.servlet.http.HttpSession;
@@ -151,7 +153,13 @@ public class JettySamlSessionStore implements SamlSessionStore {
@Override
public String getRedirectUri() {
- return (String)request.getSession(true).getAttribute(SAML_REDIRECT_URI);
+ String redirect = (String)request.getSession(true).getAttribute(SAML_REDIRECT_URI);
+ if (redirect == null) {
+ String contextPath = request.getContextPath();
+ String baseUri = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()).replacePath(contextPath).build().toString();
+ return SamlUtil.getRedirectTo(facade, contextPath, baseUri);
+ }
+ return redirect;
}
@Override
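Review bot: `getRedirectUri()` no longer returns `null` when nothing was saved in the session; it falls back to a URL assembled from `request.getRequestURL()` and the `redirectTo`/RelayState parameters of the current request. Callers that relied on `null` to detect a missing saved request will now redirect to a request-derived value, so it is worth confirming that this path is reached only after the SAML response has been validated. The same block is repeated in `FilterSamlSessionStore`, `CatalinaSamlSessionStore` and `ServletSamlSessionStore`, and a shared helper would keep the four copies from drifting apart. A comment such as `// no saved request (IdP-initiated login): derive the target from redirectTo or RelayState` would explain the branch.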
diff --git a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java b/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java
index e690db5d6f..d25f2dabbb 100755
--- a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java
+++ b/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java
@@ -1,12 +1,14 @@
package org.keycloak.adapters.saml.servlet;
import org.jboss.logging.Logger;
+import org.keycloak.adapters.saml.SamlUtil;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.KeycloakAccount;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.saml.SamlSession;
import org.keycloak.adapters.saml.SamlSessionStore;
import org.keycloak.adapters.servlet.FilterSessionStore;
+import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.dom.saml.v2.protocol.StatusType;
import javax.servlet.http.HttpServletRequest;
@@ -145,7 +147,13 @@ public class FilterSamlSessionStore extends FilterSessionStore implements SamlSe
public String getRedirectUri() {
HttpSession session = request.getSession(false);
if (session == null) return null;
- return (String)session.getAttribute(REDIRECT_URI);
+ String redirect = (String)session.getAttribute(REDIRECT_URI);
+ if (redirect == null) {
+ String contextPath = request.getContextPath();
+ String baseUri = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()).replacePath(contextPath).build().toString();
+ return SamlUtil.getRedirectTo(facade, contextPath, baseUri);
+ }
+ return redirect;
}
}
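Review bot: The early `if (session == null) return null;` still runs before the new fallback, so an IdP-initiated login that arrives without an existing session gets `null` here, while the Jetty, Tomcat and Undertow stores create the session and return the `SamlUtil.getRedirectTo` value. If the fallback is meant to apply in the filter as well, only the attribute lookup should depend on the session, e.g. `String redirect = session == null ? null : (String) session.getAttribute(REDIRECT_URI);`. If the difference is intentional, a comment saying why would prevent it from being "fixed" later.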
diff --git a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java b/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java
index ac95784c6b..dcdd3f87fe 100755
--- a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java
+++ b/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java
@@ -23,11 +23,16 @@ import org.keycloak.adapters.saml.SamlAuthenticator;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.saml.SamlDeploymentContext;
import org.keycloak.adapters.saml.SamlSession;
+import org.keycloak.adapters.saml.SamlSessionStore;
import org.keycloak.adapters.saml.config.parsers.DeploymentBuilder;
import org.keycloak.adapters.saml.config.parsers.ResourceLoader;
+import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint;
import org.keycloak.adapters.servlet.ServletHttpFacade;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthOutcome;
+import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.InMemorySessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.saml.common.exceptions.ParsingException;
@@ -38,11 +43,16 @@ import org.keycloak.saml.common.exceptions.ParsingException;
*/
public class SamlFilter implements Filter {
protected SamlDeploymentContext deploymentContext;
- protected SessionIdMapper idMapper = new InMemorySessionIdMapper();
+ protected SessionIdMapper idMapper;
private final static Logger log = Logger.getLogger("" + SamlFilter.class);
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
+ deploymentContext = (SamlDeploymentContext)filterConfig.getServletContext().getAttribute(SamlDeploymentContext.class.getName());
+ if (deploymentContext != null) {
+ idMapper = (SessionIdMapper)filterConfig.getServletContext().getAttribute(SessionIdMapper.class.getName());
+ return;
+ }
String configResolverClass = filterConfig.getInitParameter("keycloak.config.resolver");
if (configResolverClass != null) {
try {
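Review bot: In the new early-return branch of `init`, `idMapper` is read from the servlet context without a null check, and the field initialiser that used to guarantee a mapper was removed. If another component published the `SamlDeploymentContext` attribute without a matching `SessionIdMapper` attribute, the filter keeps a null mapper and later passes it to `FilterSamlSessionStore`. A guard before the `return`, such as `if (idMapper == null) idMapper = new InMemorySessionIdMapper();`, or failing fast with a `ServletException`, would avoid that. `init` continues beyond the end of this hunk.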
@@ -92,7 +102,9 @@ public class SamlFilter implements Filter {
deploymentContext = new SamlDeploymentContext(deployment);
log.fine("Keycloak is using a per-deployment configuration.");
}
+ idMapper = new InMemorySessionIdMapper();
filterConfig.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
+ filterConfig.getServletContext().setAttribute(SessionIdMapper.class.getName(), idMapper);
}
@@ -108,13 +120,34 @@ public class SamlFilter implements Filter {
return;
}
FilterSamlSessionStore tokenStore = new FilterSamlSessionStore(request, facade, 100000, idMapper);
+ boolean isEndpoint = request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml");
+ SamlAuthenticator authenticator = null;
+ if (isEndpoint) {
+ authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
+ @Override
+ protected void completeAuthentication(SamlSession account) {
- SamlAuthenticator authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
- @Override
- protected void completeAuthentication(SamlSession account) {
+ }
- }
- };
+ @Override
+ protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ return new SamlEndpoint(facade, deployment, sessionStore);
+ }
+ };
+
+ } else {
+ authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
+ @Override
+ protected void completeAuthentication(SamlSession account) {
+
+ }
+
+ @Override
+ protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ return new BrowserHandler(facade, deployment, sessionStore);
+ }
+ };
+ }
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
log.fine("AUTHENTICATED");
diff --git a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/AbstractSamlAuthenticatorValve.java b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/AbstractSamlAuthenticatorValve.java
index 3ec5a8f88c..2b2c555a4f 100755
--- a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/AbstractSamlAuthenticatorValve.java
+++ b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/AbstractSamlAuthenticatorValve.java
@@ -150,10 +150,23 @@ public abstract class AbstractSamlAuthenticatorValve extends FormAuthenticator i
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
log.fine("*********************** SAML ************");
+ if (request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml")) {
+ CatalinaHttpFacade facade = new CatalinaHttpFacade(response, request);
+ SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
+ if (deployment != null && deployment.isConfigured()) {
+ SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);
+ SamlAuthenticator authenticator = new CatalinaSamlEndpoint(facade, deployment, tokenStore);
+ executeAuthenticator(request, response, facade, deployment, authenticator);
+ return;
+ }
+
+ }
+
try {
super.invoke(request, response);
} finally {
}
+
}
protected abstract GenericPrincipalFactory createPrincipalFactory();
@@ -187,7 +200,11 @@ public abstract class AbstractSamlAuthenticatorValve extends FormAuthenticator i
SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);
- CatalinaSamlAuthenticator authenticator = new CatalinaSamlAuthenticator(facade, deployment, tokenStore);
+ SamlAuthenticator authenticator = new CatalinaSamlAuthenticator(facade, deployment, tokenStore);
+ return executeAuthenticator(request, response, facade, deployment, authenticator);
+ }
+
+ protected boolean executeAuthenticator(Request request, HttpServletResponse response, CatalinaHttpFacade facade, SamlDeployment deployment, SamlAuthenticator authenticator) {
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
log.fine("AUTHENTICATED");
@@ -209,9 +226,6 @@ public abstract class AbstractSamlAuthenticatorValve extends FormAuthenticator i
AuthChallenge challenge = authenticator.getChallenge();
if (challenge != null) {
log.fine("challenge");
- if (loginConfig == null) {
- loginConfig = request.getContext().getLoginConfig();
- }
challenge.challenge(facade);
}
return false;
diff --git a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlAuthenticator.java b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlAuthenticator.java
index b991124c4a..d39eba8507 100755
--- a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlAuthenticator.java
+++ b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlAuthenticator.java
@@ -1,5 +1,7 @@
package org.keycloak.adapters.saml;
+import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler;
import org.keycloak.adapters.spi.HttpFacade;
/**
@@ -15,4 +17,10 @@ public class CatalinaSamlAuthenticator extends SamlAuthenticator {
protected void completeAuthentication(SamlSession account) {
// complete
}
+
+ @Override
+ protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ return new BrowserHandler(facade, deployment, sessionStore);
+ }
+
}
diff --git a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlEndpoint.java b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlEndpoint.java
new file mode 100755
index 0000000000..b2e30b354a
--- /dev/null
+++ b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlEndpoint.java
@@ -0,0 +1,28 @@
+package org.keycloak.adapters.saml;
+
+import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint;
+import org.keycloak.adapters.spi.HttpFacade;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class CatalinaSamlEndpoint extends SamlAuthenticator {
+ public CatalinaSamlEndpoint(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ super(facade, deployment, sessionStore);
+ }
+
+ @Override
+ protected void completeAuthentication(SamlSession account) {
+ // complete
+ }
+
+ @Override
+ protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ return new SamlEndpoint(facade, deployment, sessionStore);
+ }
+
+
+}
diff --git a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlSessionStore.java b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlSessionStore.java
index 340c8113e3..9ebf55fab9 100755
--- a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlSessionStore.java
+++ b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlSessionStore.java
@@ -9,9 +9,11 @@ import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
+import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.dom.saml.v2.protocol.StatusResponseType;
import org.keycloak.dom.saml.v2.protocol.StatusType;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.LinkedList;
@@ -193,7 +195,13 @@ public class CatalinaSamlSessionStore implements SamlSessionStore {
@Override
public String getRedirectUri() {
- return (String)getSession(true).getAttribute(SAML_REDIRECT_URI);
+ String redirect = (String)getSession(true).getAttribute(SAML_REDIRECT_URI);
+ if (redirect == null) {
+ String contextPath = request.getContextPath();
+ String baseUri = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()).replacePath(contextPath).build().toString();
+ return SamlUtil.getRedirectTo(facade, contextPath, baseUri);
+ }
+ return redirect;
}
@Override
diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/AbstractSamlAuthMech.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/AbstractSamlAuthMech.java
index 3d632dd9ac..fdb764ba3d 100755
--- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/AbstractSamlAuthMech.java
+++ b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/AbstractSamlAuthMech.java
@@ -16,6 +16,7 @@
*/
package org.keycloak.adapters.saml.undertow;
+import org.keycloak.adapters.saml.SamlAuthenticator;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.saml.SamlDeploymentContext;
import org.keycloak.adapters.saml.SamlSessionStore;
@@ -104,7 +105,14 @@ public abstract class AbstractSamlAuthMech implements AuthenticationMechanism {
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
SamlSessionStore sessionStore = getTokenStore(exchange, facade, deployment, securityContext);
- UndertowSamlAuthenticator authenticator = new UndertowSamlAuthenticator(securityContext, facade, deploymentContext.resolveDeployment(facade), sessionStore);
+ SamlAuthenticator authenticator = null;
+ if (exchange.getRequestPath().endsWith("/saml")) {
+ authenticator = new UndertowSamlEndpoint(facade, deploymentContext.resolveDeployment(facade), sessionStore);
+ } else {
+ authenticator = new UndertowSamlAuthenticator(securityContext, facade, deploymentContext.resolveDeployment(facade), sessionStore);
+
+ }
+
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
registerNotifications(securityContext);
diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/SamlServletExtension.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/SamlServletExtension.java
index a7abb47b4a..ffde30f885 100755
--- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/SamlServletExtension.java
+++ b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/SamlServletExtension.java
@@ -26,7 +26,9 @@ import io.undertow.servlet.ServletExtension;
import io.undertow.servlet.api.AuthMethodConfig;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.LoginConfig;
+import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.ServletSessionConfig;
+import io.undertow.servlet.api.WebResourceCollection;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.AdapterConstants;
import org.keycloak.adapters.saml.DefaultSamlDeployment;
@@ -184,10 +186,24 @@ public class SamlServletExtension implements ServletExtension {
ServletSessionConfig cookieConfig = new ServletSessionConfig();
cookieConfig.setPath(deploymentInfo.getContextPath());
deploymentInfo.setServletSessionConfig(cookieConfig);
+ addEndpointConstraint(deploymentInfo);
+
ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
}
+ /**
+ * add security constraint to /saml so that the endpoint can be called and auth mechanism pinged.
+ * @param deploymentInfo
+ */
+ protected void addEndpointConstraint(DeploymentInfo deploymentInfo) {
+ SecurityConstraint constraint = new SecurityConstraint();
+ WebResourceCollection collection = new WebResourceCollection();
+ collection.addUrlPattern("/saml");
+ constraint.addWebResourceCollection(collection);
+ deploymentInfo.addSecurityConstraint(constraint);
+ }
+
protected ServletSamlAuthMech createAuthMech(DeploymentInfo deploymentInfo, SamlDeploymentContext deploymentContext, UndertowUserSessionManagement userSessionManagement) {
return new ServletSamlAuthMech(deploymentContext, userSessionManagement, getErrorPage(deploymentInfo));
}
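Review bot: `addEndpointConstraint` registers a `SecurityConstraint` for `/saml` with no roles, no HTTP methods and no explicit empty-role semantic, so what it allows depends on Undertow's defaults. The Javadoc says the aim is only to have the authentication mechanism invoked for the endpoint; setting the semantic explicitly, or stating the expected default in a comment, would let a reader verify that the endpoint is neither left open nor denied by accident. The exact pattern `/saml` also differs from the `endsWith("/saml")` test in `AbstractSamlAuthMech`, which matches deeper paths that this constraint does not cover.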
diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java
index cd6f217638..48af4ed044 100755
--- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java
+++ b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java
@@ -8,19 +8,19 @@ import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.servlet.spec.HttpSessionImpl;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlDeployment;
+import org.keycloak.adapters.saml.SamlUtil;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.saml.SamlSession;
import org.keycloak.adapters.saml.SamlSessionStore;
import org.keycloak.adapters.undertow.ChangeSessionId;
import org.keycloak.adapters.undertow.SavedRequest;
+import org.keycloak.adapters.undertow.ServletHttpFacade;
import org.keycloak.adapters.undertow.UndertowUserSessionManagement;
import org.keycloak.common.util.KeycloakUriBuilder;
-import org.keycloak.dom.saml.v2.protocol.StatusType;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import java.io.IOException;
import java.security.Principal;
import java.util.LinkedList;
import java.util.List;
@@ -179,7 +179,15 @@ public class ServletSamlSessionStore implements SamlSessionStore {
public String getRedirectUri() {
final ServletRequestContext sc = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
HttpSessionImpl session = sc.getCurrentServletContext().getSession(exchange, true);
- return (String)session.getAttribute(SAML_REDIRECT_URI);
+ String redirect = (String)session.getAttribute(SAML_REDIRECT_URI);
+ if (redirect == null) {
+ ServletHttpFacade facade = new ServletHttpFacade(exchange);
+ HttpServletRequest req = (HttpServletRequest)sc.getServletRequest();
+ String contextPath = req.getContextPath();
+ String baseUri = KeycloakUriBuilder.fromUri(req.getRequestURL().toString()).replacePath(contextPath).build().toString();
+ return SamlUtil.getRedirectTo(facade, contextPath, baseUri);
+ }
+ return redirect;
}
@Override
diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlAuthenticator.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlAuthenticator.java
index eac0cf7d83..f1f0a6eaba 100755
--- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlAuthenticator.java
+++ b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlAuthenticator.java
@@ -2,6 +2,9 @@ package org.keycloak.adapters.saml.undertow;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
+import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.saml.SamlAuthenticator;
import org.keycloak.adapters.saml.SamlDeployment;
@@ -39,4 +42,10 @@ public class UndertowSamlAuthenticator extends SamlAuthenticator {
securityContext.authenticationComplete(undertowAccount, "KEYCLOAK-SAML", false);
}
+
+ @Override
+ protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ return new BrowserHandler(facade, deployment, sessionStore);
+ }
+
}
diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlEndpoint.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlEndpoint.java
new file mode 100755
index 0000000000..412d104d0c
--- /dev/null
+++ b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlEndpoint.java
@@ -0,0 +1,32 @@
+package org.keycloak.adapters.saml.undertow;
+
+import io.undertow.server.HttpHandler;
+import org.keycloak.adapters.saml.SamlAuthenticator;
+import org.keycloak.adapters.saml.SamlDeployment;
+import org.keycloak.adapters.saml.SamlSession;
+import org.keycloak.adapters.saml.SamlSessionStore;
+import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
+import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint;
+import org.keycloak.adapters.spi.HttpFacade;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class UndertowSamlEndpoint extends SamlAuthenticator {
+ public UndertowSamlEndpoint(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ super(facade, deployment, sessionStore);
+ }
+
+
+
+ @Override
+ protected void completeAuthentication(SamlSession samlSession) {
+
+ }
+
+ @Override
+ protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
+ return new SamlEndpoint(facade, deployment, sessionStore);
+ }
+}
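Review bot: `completeAuthentication` in the new `UndertowSamlEndpoint` is overridden with an empty body and no explanation. A reader cannot tell whether skipping the container hand-off that `UndertowSamlAuthenticator` performs via `securityContext.authenticationComplete(...)` is deliberate. If the endpoint is only meant to consume the SAML message and leave registering the account with the security context to a later request, say so in the body, for example `// no-op: this endpoint only processes the SAML message; the account is registered on the follow-up request` (wording for the author to confirm). The class Javadoc carries only author and version tags and should get one sentence on when this class is used instead of `UndertowSamlAuthenticator`.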
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTest.java
index c4acbd2138..bf7d555453 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTest.java
@@ -24,6 +24,7 @@ public class SamlAdapterTest {
ClassLoader classLoader = SamlAdapterTest.class.getClassLoader();
initializeSamlSecuredWar("/keycloak-saml/simple-post", "/sales-post", "post.war", classLoader);
+ initializeSamlSecuredWar("/keycloak-saml/simple-post2", "/sales-post2", "post.war", classLoader);
initializeSamlSecuredWar("/keycloak-saml/simple-post-passive", "/sales-post-passive", "post-passive.war", classLoader);
initializeSamlSecuredWar("/keycloak-saml/signed-post", "/sales-post-sig", "post-sig.war", classLoader);
initializeSamlSecuredWar("/keycloak-saml/signed-post-email", "/sales-post-sig-email", "post-sig-email.war", classLoader);
@@ -76,7 +77,7 @@ public class SamlAdapterTest {
}
- //@Test Doesn't work for Wildfly as the input stream is read by getParameter for SAML POST binding
+ @Test
public void testSavedPostRequest() throws Exception {
testStrategy.testSavedPostRequest();
}
@@ -129,6 +130,11 @@ public class SamlAdapterTest {
testStrategy.testPostSimpleLoginLogoutIdpInitiated();
}
+ @Test
+ public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
+ testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
+ }
+
@Test
public void testAttributes() throws Exception {
testStrategy.testAttributes();
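Review bot: The new `testPostSimpleLoginLogoutIdpInitiatedRedirectTo` exercises the redirectTo behaviour only with the in-context path `/foo`. Nothing visible in this diff checks what the adapter does when the relay state carries an absolute or scheme-relative URL. RelayState travels through the browser, so the adapter should honour only targets under its own context path. A companion test that feeds such a value and asserts the browser stays under `APP_SERVER_BASE_URL + "/sales-post2"` would pin that. Whether `SamlUtil.getRedirectTo` already enforces this cannot be seen from these hunks.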
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy.java
index 43c8189b3e..4229afcf3e 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy.java
@@ -124,7 +124,7 @@ public class SamlAdapterTestStrategy extends ExternalResource {
public void testSavedPostRequest() throws Exception {
// test login to customer-portal which does a bearer request to customer-db
driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
+ System.err.println("*********** Current url: " + driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/input-portal"));
inputPage.execute("hello");
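Review bot: The changed print in `testSavedPostRequest` now writes to `System.err` with a `***********` banner, which reads like leftover debugging from re-enabling the test. Either drop the line or keep the original `System.out.println("Current url: " + driver.getCurrentUrl());`, since the `Assert.assertTrue` on the next line already fails the test when the URL is wrong. The method body continues outside the hunk.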
@@ -160,13 +160,13 @@ public class SamlAdapterTestStrategy extends ExternalResource {
Response response = client.target(APP_SERVER_BASE_URL + "/employee-sig/").request().get();
response.close();
SAML2ErrorResponseBuilder builder = new SAML2ErrorResponseBuilder()
- .destination(APP_SERVER_BASE_URL + "/employee-sig/")
+ .destination(APP_SERVER_BASE_URL + "/employee-sig/saml")
.issuer(AUTH_SERVER_URL + "/realms/demo")
.status(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get());
BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder()
.relayState(null);
Document document = builder.buildDocument();
- URI uri = binding.redirectBinding(document).generateURI(APP_SERVER_BASE_URL + "/employee-sig/", false);
+ URI uri = binding.redirectBinding(document).generateURI(APP_SERVER_BASE_URL + "/employee-sig/saml", false);
response = client.target(uri).request().get();
String errorPage = response.readEntity(String.class);
response.close();
@@ -195,7 +195,7 @@ public class SamlAdapterTestStrategy extends ExternalResource {
// first request on passive app - no login page shown, user not logged in as we are in passive mode.
// Shown page depends on used authentication mechanism, some may return forbidden error, some return requested page with anonymous user (not logged in)
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
- assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/", driver.getCurrentUrl());
+ assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/saml", driver.getCurrentUrl());
System.out.println(driver.getPageSource());
if (forbiddenIfNotauthenticated) {
Assert.assertTrue(driver.getPageSource().contains("HTTP status code: 403"));
@@ -219,7 +219,7 @@ public class SamlAdapterTestStrategy extends ExternalResource {
// refresh passive app page, not logged in again as we are in passive mode
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
- assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/", driver.getCurrentUrl());
+ assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/saml", driver.getCurrentUrl());
Assert.assertFalse(driver.getPageSource().contains("bburke"));
}
@@ -235,13 +235,23 @@ public class SamlAdapterTestStrategy extends ExternalResource {
public void testPostSimpleLoginLogoutIdpInitiated() {
driver.navigate().to(AUTH_SERVER_URL + "/realms/demo/protocol/saml/clients/sales-post");
loginPage.login("bburke", "password");
- assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post/");
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/sales-post"));
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post/", true);
}
+ public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
+ driver.navigate().to(AUTH_SERVER_URL + "/realms/demo/protocol/saml/clients/sales-post2");
+ loginPage.login("bburke", "password");
+ assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post2/foo");
+ System.out.println(driver.getPageSource());
+ Assert.assertTrue(driver.getPageSource().contains("bburke"));
+ driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post2?GLO=true");
+ checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post2/", true);
+ }
+
public void testPostSignedLoginLogout() {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig/");
assertAtLoginPagePostBinding();
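Review bot: The relaxed check in `testPostSimpleLoginLogoutIdpInitiated`, `startsWith(APP_SERVER_BASE_URL + "/sales-post")`, also matches the other deployed contexts that share that prefix (`/sales-post2`, `/sales-post-passive`, `/sales-post-sig`). A login that lands on the wrong application would therefore still pass. Including the path separator keeps the tolerance for a `/saml` suffix while binding the check to the right app: `Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/sales-post/"));`. This assumes the final URL always carries the trailing slash, which should be confirmed against the adapter's redirect.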
@@ -486,7 +496,7 @@ public class SamlAdapterTestStrategy extends ExternalResource {
driver.navigate().to(APP_SERVER_BASE_URL + "/bad-realm-sales-post-sig/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
- assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/bad-realm-sales-post-sig/");
+ assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/bad-realm-sales-post-sig/saml");
System.out.println(driver.getPageSource());
Assert.assertNotNull(ErrorServlet.authError);
SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SendUsernameServlet.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SendUsernameServlet.java
index f3a14f4939..1457594a55 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SendUsernameServlet.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/keycloaksaml/SendUsernameServlet.java
@@ -38,7 +38,7 @@ public class SendUsernameServlet extends HttpServlet {
OutputStream stream = resp.getOutputStream();
Principal principal = req.getUserPrincipal();
stream.write("request-path: ".getBytes());
- stream.write(req.getPathInfo().getBytes());
+ if (req.getPathInfo() != null) stream.write(req.getPathInfo().getBytes());
stream.write("\n".getBytes());
stream.write("principal=".getBytes());
if (principal == null) {
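Review bot: The added null guard calls `req.getPathInfo()` twice and puts the write on the same line as an unbraced `if`. Reading the value once keeps the check and the use on the same object and matches the braced `if (principal == null) {` just below: `String pathInfo = req.getPathInfo();` followed by `if (pathInfo != null) { stream.write(pathInfo.getBytes()); }`. The enclosing method starts and ends outside the hunk.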
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/samlfilter/SamlAdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/samlfilter/SamlAdapterTest.java
index d0c5d2150b..727aa91bb8 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/samlfilter/SamlAdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/samlfilter/SamlAdapterTest.java
@@ -24,6 +24,7 @@ public class SamlAdapterTest {
ClassLoader classLoader = SamlAdapterTest.class.getClassLoader();
initializeSamlSecuredWar("/keycloak-saml/simple-post", "/sales-post", "post.war", classLoader);
+ initializeSamlSecuredWar("/keycloak-saml/simple-post2", "/sales-post2", "post.war", classLoader);
initializeSamlSecuredWar("/keycloak-saml/simple-post-passive", "/sales-post-passive", "post-passive.war", classLoader);
initializeSamlSecuredWar("/keycloak-saml/signed-post", "/sales-post-sig", "post-sig.war", classLoader);
initializeSamlSecuredWar("/keycloak-saml/signed-post-email", "/sales-post-sig-email", "post-sig-email.war", classLoader);
@@ -72,6 +73,12 @@ public class SamlAdapterTest {
}
}
+ @Test
+ public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
+ testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
+ }
+
+
@Test
public void testMetadataPostSignedLoginLogout() throws Exception {
testStrategy.testMetadataPostSignedLoginLogout();
diff --git a/testsuite/integration/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml b/testsuite/integration/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..c7c95e9b1e
--- /dev/null
+++ b/testsuite/integration/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/integration/src/test/resources/keycloak-saml/sp-metadata.xml b/testsuite/integration/src/test/resources/keycloak-saml/sp-metadata.xml
index 9b8b8990f3..a8884f4a21 100755
--- a/testsuite/integration/src/test/resources/keycloak-saml/sp-metadata.xml
+++ b/testsuite/integration/src/test/resources/keycloak-saml/sp-metadata.xml
@@ -7,9 +7,9 @@
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
+
diff --git a/testsuite/integration/src/test/resources/keycloak-saml/testsaml.json b/testsuite/integration/src/test/resources/keycloak-saml/testsaml.json
index 4df617d64a..92ddf1a9af 100755
--- a/testsuite/integration/src/test/resources/keycloak-saml/testsaml.json
+++ b/testsuite/integration/src/test/resources/keycloak-saml/testsaml.json
@@ -78,13 +78,30 @@
],
"attributes": {
"saml.authnstatement": "true",
- "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post/",
- "saml_single_logout_service_url_post": "http://localhost:8081/sales-post/",
- "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post/",
+ "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/sales-post/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post/saml",
"saml_idp_initiated_sso_url_name": "sales-post"
}
},
+ {
+ "name": "http://localhost:8081/sales-post2/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8081/sales-post2",
+ "redirectUris": [
+ "http://localhost:8081/sales-post2/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post2/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/sales-post2/saml",
+ "saml_idp_initiated_sso_url_name": "sales-post2",
+ "saml_idp_initiated_sso_relay_state": "redirectTo=/foo"
+ }
+ },
{
"name": "http://localhost:8081/input-portal/",
"enabled": true,
@@ -96,10 +113,10 @@
],
"attributes": {
"saml.authnstatement": "true",
- "saml_assertion_consumer_url_post": "http://localhost:8081/input-portal/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8081/input-portal/",
- "saml_single_logout_service_url_post": "http://localhost:8081/input-portal/",
- "saml_single_logout_service_url_redirect": "http://localhost:8081/input-portal/"
+ "saml_assertion_consumer_url_post": "http://localhost:8081/input-portal/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8081/input-portal/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/input-portal/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8081/input-portal/saml"
}
},
{
@@ -113,10 +130,10 @@
],
"attributes": {
"saml.authnstatement": "true",
- "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-passive/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-passive/",
- "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-passive/",
- "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-passive/",
+ "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-passive/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-passive/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-passive/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-passive/saml",
"saml_idp_initiated_sso_url_name": "sales-post-passive"
}
},
@@ -130,10 +147,10 @@
"http://localhost:8081/sales-post-sig/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-sig/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-sig/",
- "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-sig/",
- "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-sig/",
+ "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-sig/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-sig/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-sig/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-sig/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -152,10 +169,10 @@
"http://localhost:8081/sales-post-sig-transient/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-sig-transient/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-sig-transient/",
- "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-sig-transient/",
- "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-sig-transient/",
+ "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-sig-transient/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-sig-transient/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -173,10 +190,10 @@
"http://localhost:8081/sales-post-sig-persistent/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-sig-persistent/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-sig-persistent/",
- "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-sig-persistent/",
- "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-sig-persistent/",
+ "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-sig-persistent/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-sig-persistent/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -197,10 +214,10 @@
"attributes": {
"saml_force_name_id_format": "true",
"saml_name_id_format": "email",
- "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-sig-email/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-sig-email/",
- "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-sig-email/",
- "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-sig-email/",
+ "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-sig-email/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-sig-email/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -214,7 +231,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8081/bad-realm-sales-post-sig/",
- "adminUrl": "http://localhost:8081/bad-realm-sales-post-sig/",
+ "adminUrl": "http://localhost:8081/bad-realm-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8081/bad-realm-sales-post-sig/*"
],
@@ -231,7 +248,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8081/bad-client-sales-post-sig/",
- "adminUrl": "http://localhost:8081/bad-client-sales-post-sig/",
+ "adminUrl": "http://localhost:8081/bad-client-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8081/bad-client-sales-post-sig/*"
],
@@ -252,10 +269,10 @@
"http://localhost:8081/sales-post-enc/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-enc/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-enc/",
- "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-enc/",
- "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-enc/",
+ "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-enc/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-enc/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-enc/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8081/sales-post-enc/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA512",
"saml.client.signature": "true",
@@ -274,7 +291,7 @@
"redirectUris": [
"http://localhost:8081/employee-sig/*"
],
- "adminUrl": "http://localhost:8081/employee-sig/",
+ "adminUrl": "http://localhost:8081/employee-sig/saml",
"attributes": {
"saml.server.signature": "true",
"saml.client.signature": "true",
@@ -288,7 +305,7 @@
"enabled": true,
"protocol": "saml",
"fullScopeAllowed": true,
- "baseUrl": "http://localhost:8081/employee/",
+ "baseUrl": "http://localhost:8081/employee/saml",
"redirectUris": [
"http://localhost:8081/employee/*"
],
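Review bot: This hunk changes `baseUrl` for the client rooted at `http://localhost:8081/employee/` to `.../employee/saml`. Every other client touched in this file keeps `baseUrl` at the application root and changes only `adminUrl` or the `saml_*` endpoint attributes. If `baseUrl` is the application's landing URL, the wrong key appears to have been edited here. Presumably the intent was to keep `"baseUrl": "http://localhost:8081/employee/"` and point the SAML endpoint setting of this client at `/employee/saml`; the rest of the client entry is outside the hunk, so confirm against it.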
@@ -342,7 +359,7 @@
"redirectUris": [
"http://localhost:8081/employee2/*"
],
- "adminUrl": "http://localhost:8081/employee2/",
+ "adminUrl": "http://localhost:8081/employee2/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -394,10 +411,10 @@
"http://localhost:8081/employee-sig-front/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8081/employee-sig-front/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8081/employee-sig-front/",
- "saml_single_logout_service_url_post": "http://localhost:8081/employee-sig-front/",
- "saml_single_logout_service_url_redirect": "http://localhost:8081/employee-sig-front/",
+ "saml_assertion_consumer_url_post": "http://localhost:8081/employee-sig-front/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8081/employee-sig-front/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8081/employee-sig-front/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8081/employee-sig-front/saml",
"saml.server.signature": "true",
"saml.client.signature": "true",
"saml.signature.algorithm": "RSA_SHA1",
diff --git a/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/JettySamlTest.java b/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/JettySamlTest.java
index 40edb45d0a..732017f927 100755
--- a/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/JettySamlTest.java
+++ b/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/JettySamlTest.java
@@ -70,6 +70,8 @@ public class JettySamlTest {
File base = new File(dir.getFile()).getParentFile();
//list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
list.add(new WebAppContext(new File(base, "simple-post").toString(), "/sales-post"));
+ list.add(new WebAppContext(new File(base, "simple-post2").toString(), "/sales-post2"));
+ list.add(new WebAppContext(new File(base, "simple-input").toString(), "/input-portal"));
list.add(new WebAppContext(new File(base, "signed-post").toString(), "/sales-post-sig"));
list.add(new WebAppContext(new File(base, "signed-post-email").toString(), "/sales-post-sig-email"));
list.add(new WebAppContext(new File(base, "signed-post-transient").toString(), "/sales-post-sig-transient"));
@@ -103,6 +105,16 @@ public class JettySamlTest {
} catch (Exception e) {}
}
+ @Test
+ public void testSavedPostRequest() throws Exception {
+ testStrategy.testSavedPostRequest();
+ }
+ @Test
+ public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
+ testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
+ }
+
+
@Test
public void testErrorHandling() throws Exception {
testStrategy.testErrorHandling();
diff --git a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-input/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-input/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000000..4ff86d4f52
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-input/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..9fbc22be05
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
new file mode 100755
index 0000000000..318bf6500e
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.InputServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /secured/*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
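Review bot: The servlet in this new `web.xml` is registered under the name `SendUsernameServlet` but its class is `org.keycloak.testsuite.keycloaksaml.InputServlet`, which looks carried over from the simple-post descriptor. Naming it after the class in both the declaration and the mapping, `<servlet-name>InputServlet</servlet-name>`, avoids confusion when the two test applications are compared. Only the text values of the descriptor survive on this page, so this reading rests on the name and class lines alone.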
diff --git a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-post2/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-post2/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000000..4ff86d4f52
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-post2/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..4644d6c71d
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
new file mode 100755
index 0000000000..86db4a46a4
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.SendUsernameServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
diff --git a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/sp-metadata.xml b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/sp-metadata.xml
index 8f143deb61..5eac6879d7 100755
--- a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/sp-metadata.xml
+++ b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/sp-metadata.xml
@@ -7,9 +7,9 @@
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
+
diff --git a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/testsaml.json b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/testsaml.json
index 04c5dcdf0f..71cde711a7 100755
--- a/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/testsaml.json
+++ b/testsuite/jetty/jetty81/src/test/resources/keycloak-saml/testsaml.json
@@ -78,13 +78,45 @@
],
"attributes": {
"saml.authnstatement": "true",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/saml",
"saml_idp_initiated_sso_url_name": "sales-post"
}
},
+ {
+ "name": "http://localhost:8082/sales-post2/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/sales-post2",
+ "redirectUris": [
+ "http://localhost:8082/sales-post2/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_idp_initiated_sso_url_name": "sales-post2",
+ "saml_idp_initiated_sso_relay_state": "redirectTo=/foo"
+ }
+ },
+ {
+ "name": "http://localhost:8082/input-portal/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/input-portal/",
+ "redirectUris": [
+ "http://localhost:8082/input-portal/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/input-portal/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/input-portal/saml"
+ }
+ },
{
"name": "http://localhost:8082/sales-post-sig/",
"enabled": true,
@@ -95,10 +127,10 @@
"http://localhost:8082/sales-post-sig/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -112,15 +144,15 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-transient",
- "adminUrl": "http://localhost:8082/sales-post-sig-transient",
+ "adminUrl": "http://localhost:8082/sales-post-sig-transient/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-transient/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -138,10 +170,10 @@
"http://localhost:8082/sales-post-sig-persistent/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -155,17 +187,17 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-email",
- "adminUrl": "http://localhost:8082/sales-post-sig-email",
+ "adminUrl": "http://localhost:8082/sales-post-sig-email/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-email/*"
],
"attributes": {
"saml_force_name_id_format": "true",
"saml_name_id_format": "email",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -179,7 +211,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-realm-sales-post-sig/*"
],
@@ -196,7 +228,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-client-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-client-sales-post-sig/*"
],
@@ -217,10 +249,10 @@
"http://localhost:8082/sales-post-enc/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA512",
"saml.client.signature": "true",
@@ -239,7 +271,7 @@
"redirectUris": [
"http://localhost:8082/employee-sig/*"
],
- "adminUrl": "http://localhost:8082/employee-sig/",
+ "adminUrl": "http://localhost:8082/employee-sig/saml",
"attributes": {
"saml.server.signature": "true",
"saml.client.signature": "true",
@@ -257,7 +289,7 @@
"redirectUris": [
"http://localhost:8082/employee/*"
],
- "adminUrl": "http://localhost:8082/employee/",
+ "adminUrl": "http://localhost:8082/employee/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -307,7 +339,7 @@
"redirectUris": [
"http://localhost:8082/employee2/*"
],
- "adminUrl": "http://localhost:8082/employee2/",
+ "adminUrl": "http://localhost:8082/employee2/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -359,10 +391,10 @@
"http://localhost:8082/employee-sig-front/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/saml",
"saml.server.signature": "true",
"saml.client.signature": "true",
"saml.signature.algorithm": "RSA_SHA1",
diff --git a/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/JettySamlTest.java b/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/JettySamlTest.java
index 40edb45d0a..732017f927 100755
--- a/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/JettySamlTest.java
+++ b/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/JettySamlTest.java
@@ -70,6 +70,8 @@ public class JettySamlTest {
File base = new File(dir.getFile()).getParentFile();
//list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
list.add(new WebAppContext(new File(base, "simple-post").toString(), "/sales-post"));
+ list.add(new WebAppContext(new File(base, "simple-post2").toString(), "/sales-post2"));
+ list.add(new WebAppContext(new File(base, "simple-input").toString(), "/input-portal"));
list.add(new WebAppContext(new File(base, "signed-post").toString(), "/sales-post-sig"));
list.add(new WebAppContext(new File(base, "signed-post-email").toString(), "/sales-post-sig-email"));
list.add(new WebAppContext(new File(base, "signed-post-transient").toString(), "/sales-post-sig-transient"));
@@ -103,6 +105,16 @@ public class JettySamlTest {
} catch (Exception e) {}
}
+ @Test
+ public void testSavedPostRequest() throws Exception {
+ testStrategy.testSavedPostRequest();
+ }
+ @Test
+ public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
+ testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
+ }
+
+
@Test
public void testErrorHandling() throws Exception {
testStrategy.testErrorHandling();
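Review bot: The two added tests, `testSavedPostRequest` and `testPostSimpleLoginLogoutIdpInitiatedRedirectTo`, only delegate to `testStrategy` and carry no comment, so nothing in this class says which deployment each one needs. They appear to depend on the `/input-portal` and `/sales-post2` contexts registered in the earlier hunk of this file. If so, `// needs the simple-input app deployed at /input-portal` above the first and `// needs the simple-post2 app (relay state redirectTo=/foo) at /sales-post2` above the second would make that coupling visible. A blank line between the two methods would also separate them the way the following `testErrorHandling` is separated. The same applies to the identical hunk in the jetty92 copy of JettySamlTest; the class body continues outside the hunk.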
diff --git a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-input/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-input/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000000..4ff86d4f52
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-input/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..9fbc22be05
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
new file mode 100755
index 0000000000..318bf6500e
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.InputServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /secured/*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
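Review bot: The servlet entry in this new web.xml reuses the name `SendUsernameServlet` for the class `org.keycloak.testsuite.keycloaksaml.InputServlet`, which looks like a leftover from the simple-post descriptor it was copied from. The element markup is not visible in this view, so this is read from the text values only. Naming both the servlet and its mapping `InputServlet` would stop the descriptor from misleading readers. A short XML comment would also help, stating that the constraint covers only `/secured/*` while the servlet is mapped to `/*`, presumably so that an unprotected form can post to a protected path for the saved-POST test. The jetty92 copy of this file has the same content.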
diff --git a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-post2/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-post2/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000000..4ff86d4f52
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-post2/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..4644d6c71d
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
new file mode 100755
index 0000000000..86db4a46a4
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.SendUsernameServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
diff --git a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/sp-metadata.xml b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/sp-metadata.xml
index 8f143deb61..5eac6879d7 100755
--- a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/sp-metadata.xml
+++ b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/sp-metadata.xml
@@ -7,9 +7,9 @@
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
+
diff --git a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/testsaml.json b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/testsaml.json
index 04c5dcdf0f..71cde711a7 100755
--- a/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/testsaml.json
+++ b/testsuite/jetty/jetty91/src/test/resources/keycloak-saml/testsaml.json
@@ -78,13 +78,45 @@
],
"attributes": {
"saml.authnstatement": "true",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/saml",
"saml_idp_initiated_sso_url_name": "sales-post"
}
},
+ {
+ "name": "http://localhost:8082/sales-post2/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/sales-post2",
+ "redirectUris": [
+ "http://localhost:8082/sales-post2/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_idp_initiated_sso_url_name": "sales-post2",
+ "saml_idp_initiated_sso_relay_state": "redirectTo=/foo"
+ }
+ },
+ {
+ "name": "http://localhost:8082/input-portal/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/input-portal/",
+ "redirectUris": [
+ "http://localhost:8082/input-portal/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/input-portal/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/input-portal/saml"
+ }
+ },
{
"name": "http://localhost:8082/sales-post-sig/",
"enabled": true,
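Review bot: The new `sales-post2` client sets `saml_idp_initiated_sso_relay_state` to `redirectTo=/foo`, so the only redirect target this fixture exercises is a relative path inside the application. The adapter code that consumes `redirectTo` is not part of this hunk, so it cannot be confirmed from here whether it refuses targets outside the application. A second client with an off-site relay state would pin that, e.g. the constructed value `"saml_idp_initiated_sso_relay_state": "redirectTo=http://other-host.example/"`, with a test asserting that the browser stays on `localhost:8082`. The jetty92 copy of testsaml.json has the same hunk.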
@@ -95,10 +127,10 @@
"http://localhost:8082/sales-post-sig/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -112,15 +144,15 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-transient",
- "adminUrl": "http://localhost:8082/sales-post-sig-transient",
+ "adminUrl": "http://localhost:8082/sales-post-sig-transient/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-transient/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -138,10 +170,10 @@
"http://localhost:8082/sales-post-sig-persistent/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -155,17 +187,17 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-email",
- "adminUrl": "http://localhost:8082/sales-post-sig-email",
+ "adminUrl": "http://localhost:8082/sales-post-sig-email/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-email/*"
],
"attributes": {
"saml_force_name_id_format": "true",
"saml_name_id_format": "email",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -179,7 +211,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-realm-sales-post-sig/*"
],
@@ -196,7 +228,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-client-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-client-sales-post-sig/*"
],
@@ -217,10 +249,10 @@
"http://localhost:8082/sales-post-enc/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA512",
"saml.client.signature": "true",
@@ -239,7 +271,7 @@
"redirectUris": [
"http://localhost:8082/employee-sig/*"
],
- "adminUrl": "http://localhost:8082/employee-sig/",
+ "adminUrl": "http://localhost:8082/employee-sig/saml",
"attributes": {
"saml.server.signature": "true",
"saml.client.signature": "true",
@@ -257,7 +289,7 @@
"redirectUris": [
"http://localhost:8082/employee/*"
],
- "adminUrl": "http://localhost:8082/employee/",
+ "adminUrl": "http://localhost:8082/employee/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -307,7 +339,7 @@
"redirectUris": [
"http://localhost:8082/employee2/*"
],
- "adminUrl": "http://localhost:8082/employee2/",
+ "adminUrl": "http://localhost:8082/employee2/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -359,10 +391,10 @@
"http://localhost:8082/employee-sig-front/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/saml",
"saml.server.signature": "true",
"saml.client.signature": "true",
"saml.signature.algorithm": "RSA_SHA1",
diff --git a/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/JettySamlTest.java b/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/JettySamlTest.java
index cd3c11ace2..957512de27 100755
--- a/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/JettySamlTest.java
+++ b/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/JettySamlTest.java
@@ -70,6 +70,8 @@ public class JettySamlTest {
File base = new File(dir.getFile()).getParentFile();
//list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
list.add(new WebAppContext(new File(base, "simple-post").toString(), "/sales-post"));
+ list.add(new WebAppContext(new File(base, "simple-post2").toString(), "/sales-post2"));
+ list.add(new WebAppContext(new File(base, "simple-input").toString(), "/input-portal"));
list.add(new WebAppContext(new File(base, "signed-post").toString(), "/sales-post-sig"));
list.add(new WebAppContext(new File(base, "signed-post-email").toString(), "/sales-post-sig-email"));
list.add(new WebAppContext(new File(base, "signed-post-transient").toString(), "/sales-post-sig-transient"));
@@ -103,6 +105,16 @@ public class JettySamlTest {
} catch (Exception e) {}
}
+ @Test
+ public void testSavedPostRequest() throws Exception {
+ testStrategy.testSavedPostRequest();
+ }
+ @Test
+ public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
+ testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
+ }
+
+
@Test
public void testErrorHandling() throws Exception {
testStrategy.testErrorHandling();
diff --git a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-input/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-input/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000000..4ff86d4f52
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-input/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..9fbc22be05
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
new file mode 100755
index 0000000000..318bf6500e
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.InputServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /secured/*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
diff --git a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-post2/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-post2/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000000..4ff86d4f52
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-post2/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..4644d6c71d
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
new file mode 100755
index 0000000000..86db4a46a4
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.SendUsernameServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
diff --git a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/sp-metadata.xml b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/sp-metadata.xml
index 8f143deb61..5eac6879d7 100755
--- a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/sp-metadata.xml
+++ b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/sp-metadata.xml
@@ -7,9 +7,9 @@
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
+
diff --git a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/testsaml.json b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/testsaml.json
index 04c5dcdf0f..71cde711a7 100755
--- a/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/testsaml.json
+++ b/testsuite/jetty/jetty92/src/test/resources/keycloak-saml/testsaml.json
@@ -78,13 +78,45 @@
],
"attributes": {
"saml.authnstatement": "true",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/saml",
"saml_idp_initiated_sso_url_name": "sales-post"
}
},
+ {
+ "name": "http://localhost:8082/sales-post2/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/sales-post2",
+ "redirectUris": [
+ "http://localhost:8082/sales-post2/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_idp_initiated_sso_url_name": "sales-post2",
+ "saml_idp_initiated_sso_relay_state": "redirectTo=/foo"
+ }
+ },
+ {
+ "name": "http://localhost:8082/input-portal/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/input-portal/",
+ "redirectUris": [
+ "http://localhost:8082/input-portal/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/input-portal/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/input-portal/saml"
+ }
+ },
{
"name": "http://localhost:8082/sales-post-sig/",
"enabled": true,
@@ -95,10 +127,10 @@
"http://localhost:8082/sales-post-sig/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -112,15 +144,15 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-transient",
- "adminUrl": "http://localhost:8082/sales-post-sig-transient",
+ "adminUrl": "http://localhost:8082/sales-post-sig-transient/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-transient/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -138,10 +170,10 @@
"http://localhost:8082/sales-post-sig-persistent/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -155,17 +187,17 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-email",
- "adminUrl": "http://localhost:8082/sales-post-sig-email",
+ "adminUrl": "http://localhost:8082/sales-post-sig-email/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-email/*"
],
"attributes": {
"saml_force_name_id_format": "true",
"saml_name_id_format": "email",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -179,7 +211,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-realm-sales-post-sig/*"
],
@@ -196,7 +228,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-client-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-client-sales-post-sig/*"
],
@@ -217,10 +249,10 @@
"http://localhost:8082/sales-post-enc/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA512",
"saml.client.signature": "true",
@@ -239,7 +271,7 @@
"redirectUris": [
"http://localhost:8082/employee-sig/*"
],
- "adminUrl": "http://localhost:8082/employee-sig/",
+ "adminUrl": "http://localhost:8082/employee-sig/saml",
"attributes": {
"saml.server.signature": "true",
"saml.client.signature": "true",
@@ -257,7 +289,7 @@
"redirectUris": [
"http://localhost:8082/employee/*"
],
- "adminUrl": "http://localhost:8082/employee/",
+ "adminUrl": "http://localhost:8082/employee/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -307,7 +339,7 @@
"redirectUris": [
"http://localhost:8082/employee2/*"
],
- "adminUrl": "http://localhost:8082/employee2/",
+ "adminUrl": "http://localhost:8082/employee2/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -359,10 +391,10 @@
"http://localhost:8082/employee-sig-front/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/saml",
"saml.server.signature": "true",
"saml.client.signature": "true",
"saml.signature.algorithm": "RSA_SHA1",
diff --git a/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java b/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java
index 0e6973a083..5a214a91f2 100755
--- a/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java
+++ b/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java
@@ -61,6 +61,8 @@ public class TomcatSamlTest {
System.setProperty("app.server.base.url", "http://localhost:8082");
System.setProperty("my.host.name", "localhost");
tomcat.deploySaml("/sales-post", "simple-post");
+ tomcat.deploySaml("/sales-post2", "simple-post2");
+ tomcat.deploySaml("/input-portal", "simple-input");
tomcat.deploySaml("/sales-post-sig", "signed-post");
tomcat.deploySaml("/sales-post-sig-email", "signed-post-email");
tomcat.deploySaml("/sales-post-sig-transient", "signed-post-transient");
@@ -87,6 +89,16 @@ public class TomcatSamlTest {
@Rule
public SamlAdapterTestStrategy testStrategy = new SamlAdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
+ @Test
+ public void testSavedPostRequest() throws Exception {
+ testStrategy.testSavedPostRequest();
+ }
+ @Test
+ public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
+ testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
+ }
+
+
@Test
public void testPostSimpleLoginLogout() {
testStrategy.testPostSimpleLoginLogout();
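Review bot: The two added tests are not spaced consistently: no blank line separates the closing brace of `testSavedPostRequest` from the next `@Test`, and two blank lines follow `testPostSimpleLoginLogoutIdpInitiatedRedirectTo`. One blank line between members would be enough. Neither test says what it covers, and the `testStrategy` methods they delegate to are outside this hunk. A one-line comment on the first, such as `// a POST to a secured URL is replayed after SAML login`, would help if that is what `testSavedPostRequest()` checks. The same additions in the tomcat7 hunk `@@ -90,6 +92,14 @@` and the tomcat8 hunk `@@ -91,6 +93,16 @@` have the same spacing problem.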
diff --git a/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml b/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..9fbc22be05
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml b/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
new file mode 100755
index 0000000000..318bf6500e
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.InputServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /secured/*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
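Review bot: The servlet in this descriptor is named `SendUsernameServlet` but its class is `org.keycloak.testsuite.keycloaksaml.InputServlet`, which looks like a leftover from the simple-post descriptor; naming it `InputServlet` in both the servlet and servlet-mapping entries would avoid confusion. The element markup is not visible in this rendering, so this assumes the two `SendUsernameServlet` lines are the `servlet-name` values. Unlike simple-post2, the protected pattern here appears to be `/secured/*` while the servlet is mapped at `/*`. If leaving the root unprotected is intentional for the saved-POST test, an XML comment saying so would stop a later edit from widening or narrowing the constraint by mistake. The tomcat7 and tomcat8 copies are the same blob (`318bf6500e`), so the same applies there.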
diff --git a/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml b/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..4644d6c71d
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml b/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
new file mode 100755
index 0000000000..86db4a46a4
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.SendUsernameServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
diff --git a/testsuite/tomcat6/src/test/resources/keycloak-saml/sp-metadata.xml b/testsuite/tomcat6/src/test/resources/keycloak-saml/sp-metadata.xml
index 8f143deb61..5eac6879d7 100755
--- a/testsuite/tomcat6/src/test/resources/keycloak-saml/sp-metadata.xml
+++ b/testsuite/tomcat6/src/test/resources/keycloak-saml/sp-metadata.xml
@@ -7,9 +7,9 @@
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
+
diff --git a/testsuite/tomcat6/src/test/resources/keycloak-saml/testsaml.json b/testsuite/tomcat6/src/test/resources/keycloak-saml/testsaml.json
index 04c5dcdf0f..71cde711a7 100755
--- a/testsuite/tomcat6/src/test/resources/keycloak-saml/testsaml.json
+++ b/testsuite/tomcat6/src/test/resources/keycloak-saml/testsaml.json
@@ -78,13 +78,45 @@
],
"attributes": {
"saml.authnstatement": "true",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/saml",
"saml_idp_initiated_sso_url_name": "sales-post"
}
},
+ {
+ "name": "http://localhost:8082/sales-post2/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/sales-post2",
+ "redirectUris": [
+ "http://localhost:8082/sales-post2/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_idp_initiated_sso_url_name": "sales-post2",
+ "saml_idp_initiated_sso_relay_state": "redirectTo=/foo"
+ }
+ },
+ {
+ "name": "http://localhost:8082/input-portal/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/input-portal/",
+ "redirectUris": [
+ "http://localhost:8082/input-portal/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/input-portal/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/input-portal/saml"
+ }
+ },
{
"name": "http://localhost:8082/sales-post-sig/",
"enabled": true,
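Review bot: The new sales-post2 client sets `"saml_idp_initiated_sso_relay_state": "redirectTo=/foo"`, which only exercises a relative path inside the application. Nothing in this fixture pins what the adapter does when the `redirectTo` value in RelayState is an absolute or scheme-relative URL. The code that consumes it is outside this hunk, and sales-post2 sets no `saml.server.signature`, so the value should be treated as untrusted input on the adapter side. A sibling client with an off-site target (constructed example: `"redirectTo=http://other-host.invalid/"`), plus a test asserting that the adapter refuses it or falls back to the base URL, would cover the open-redirect case. The same hunk is repeated in the tomcat7 and tomcat8 copies of testsaml.json (same blob `71cde711a7`).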
@@ -95,10 +127,10 @@
"http://localhost:8082/sales-post-sig/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -112,15 +144,15 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-transient",
- "adminUrl": "http://localhost:8082/sales-post-sig-transient",
+ "adminUrl": "http://localhost:8082/sales-post-sig-transient/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-transient/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -138,10 +170,10 @@
"http://localhost:8082/sales-post-sig-persistent/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -155,17 +187,17 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-email",
- "adminUrl": "http://localhost:8082/sales-post-sig-email",
+ "adminUrl": "http://localhost:8082/sales-post-sig-email/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-email/*"
],
"attributes": {
"saml_force_name_id_format": "true",
"saml_name_id_format": "email",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -179,7 +211,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-realm-sales-post-sig/*"
],
@@ -196,7 +228,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-client-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-client-sales-post-sig/*"
],
@@ -217,10 +249,10 @@
"http://localhost:8082/sales-post-enc/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA512",
"saml.client.signature": "true",
@@ -239,7 +271,7 @@
"redirectUris": [
"http://localhost:8082/employee-sig/*"
],
- "adminUrl": "http://localhost:8082/employee-sig/",
+ "adminUrl": "http://localhost:8082/employee-sig/saml",
"attributes": {
"saml.server.signature": "true",
"saml.client.signature": "true",
@@ -257,7 +289,7 @@
"redirectUris": [
"http://localhost:8082/employee/*"
],
- "adminUrl": "http://localhost:8082/employee/",
+ "adminUrl": "http://localhost:8082/employee/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -307,7 +339,7 @@
"redirectUris": [
"http://localhost:8082/employee2/*"
],
- "adminUrl": "http://localhost:8082/employee2/",
+ "adminUrl": "http://localhost:8082/employee2/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -359,10 +391,10 @@
"http://localhost:8082/employee-sig-front/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/saml",
"saml.server.signature": "true",
"saml.client.signature": "true",
"saml.signature.algorithm": "RSA_SHA1",
diff --git a/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java
index 2483333c96..f07882d787 100755
--- a/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java
+++ b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java
@@ -78,6 +78,8 @@ public class TomcatSamlTest {
tomcat.addWebapp("/bad-client-sales-post-sig", new File(base, "bad-client-signed-post").toString());
tomcat.addWebapp("/bad-realm-sales-post-sig", new File(base, "bad-realm-signed-post").toString());
tomcat.addWebapp("/sales-post-enc", new File(base, "encrypted-post").toString());
+ tomcat.addWebapp("/sales-post2", new File(base, "simple-post2").toString());
+ tomcat.addWebapp("/input-portal", new File(base, "simple-input").toString());
SamlAdapterTestStrategy.uploadSP("http://localhost:8081/auth");
@@ -90,6 +92,14 @@ public class TomcatSamlTest {
tomcat.stop();
tomcat.destroy();
}
+ @Test
+ public void testSavedPostRequest() throws Exception {
+ testStrategy.testSavedPostRequest();
+ }
+ @Test
+ public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
+ testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
+ }
@Test
diff --git a/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-input/META-INF/context.xml b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-input/META-INF/context.xml
new file mode 100755
index 0000000000..d16faafd19
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-input/META-INF/context.xml
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..9fbc22be05
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
new file mode 100755
index 0000000000..318bf6500e
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.InputServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /secured/*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
diff --git a/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-post2/META-INF/context.xml b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-post2/META-INF/context.xml
new file mode 100755
index 0000000000..d16faafd19
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-post2/META-INF/context.xml
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..4644d6c71d
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
new file mode 100755
index 0000000000..86db4a46a4
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.SendUsernameServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
diff --git a/testsuite/tomcat7/src/test/resources/keycloak-saml/sp-metadata.xml b/testsuite/tomcat7/src/test/resources/keycloak-saml/sp-metadata.xml
index 8f143deb61..5eac6879d7 100755
--- a/testsuite/tomcat7/src/test/resources/keycloak-saml/sp-metadata.xml
+++ b/testsuite/tomcat7/src/test/resources/keycloak-saml/sp-metadata.xml
@@ -7,9 +7,9 @@
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
+
diff --git a/testsuite/tomcat7/src/test/resources/keycloak-saml/testsaml.json b/testsuite/tomcat7/src/test/resources/keycloak-saml/testsaml.json
index 04c5dcdf0f..71cde711a7 100755
--- a/testsuite/tomcat7/src/test/resources/keycloak-saml/testsaml.json
+++ b/testsuite/tomcat7/src/test/resources/keycloak-saml/testsaml.json
@@ -78,13 +78,45 @@
],
"attributes": {
"saml.authnstatement": "true",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/saml",
"saml_idp_initiated_sso_url_name": "sales-post"
}
},
+ {
+ "name": "http://localhost:8082/sales-post2/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/sales-post2",
+ "redirectUris": [
+ "http://localhost:8082/sales-post2/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_idp_initiated_sso_url_name": "sales-post2",
+ "saml_idp_initiated_sso_relay_state": "redirectTo=/foo"
+ }
+ },
+ {
+ "name": "http://localhost:8082/input-portal/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/input-portal/",
+ "redirectUris": [
+ "http://localhost:8082/input-portal/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/input-portal/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/input-portal/saml"
+ }
+ },
{
"name": "http://localhost:8082/sales-post-sig/",
"enabled": true,
@@ -95,10 +127,10 @@
"http://localhost:8082/sales-post-sig/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -112,15 +144,15 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-transient",
- "adminUrl": "http://localhost:8082/sales-post-sig-transient",
+ "adminUrl": "http://localhost:8082/sales-post-sig-transient/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-transient/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -138,10 +170,10 @@
"http://localhost:8082/sales-post-sig-persistent/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -155,17 +187,17 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-email",
- "adminUrl": "http://localhost:8082/sales-post-sig-email",
+ "adminUrl": "http://localhost:8082/sales-post-sig-email/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-email/*"
],
"attributes": {
"saml_force_name_id_format": "true",
"saml_name_id_format": "email",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -179,7 +211,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-realm-sales-post-sig/*"
],
@@ -196,7 +228,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-client-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-client-sales-post-sig/*"
],
@@ -217,10 +249,10 @@
"http://localhost:8082/sales-post-enc/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA512",
"saml.client.signature": "true",
@@ -239,7 +271,7 @@
"redirectUris": [
"http://localhost:8082/employee-sig/*"
],
- "adminUrl": "http://localhost:8082/employee-sig/",
+ "adminUrl": "http://localhost:8082/employee-sig/saml",
"attributes": {
"saml.server.signature": "true",
"saml.client.signature": "true",
@@ -257,7 +289,7 @@
"redirectUris": [
"http://localhost:8082/employee/*"
],
- "adminUrl": "http://localhost:8082/employee/",
+ "adminUrl": "http://localhost:8082/employee/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -307,7 +339,7 @@
"redirectUris": [
"http://localhost:8082/employee2/*"
],
- "adminUrl": "http://localhost:8082/employee2/",
+ "adminUrl": "http://localhost:8082/employee2/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -359,10 +391,10 @@
"http://localhost:8082/employee-sig-front/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/saml",
"saml.server.signature": "true",
"saml.client.signature": "true",
"saml.signature.algorithm": "RSA_SHA1",
diff --git a/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java b/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java
index dd5509f88c..7a934326c0 100755
--- a/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java
+++ b/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java
@@ -64,6 +64,8 @@ public class TomcatSamlTest {
URL dir = TomcatSamlTest.class.getResource("/keycloak-saml/testsaml.json");
File base = new File(dir.getFile()).getParentFile();
tomcat.addWebapp("/sales-post", new File(base, "simple-post").toString());
+ tomcat.addWebapp("/sales-post2", new File(base, "simple-post2").toString());
+ tomcat.addWebapp("/input-portal", new File(base, "simple-input").toString());
tomcat.addWebapp("/sales-post-sig", new File(base, "signed-post").toString());
tomcat.addWebapp("/sales-post-sig-email", new File(base, "signed-post-email").toString());
tomcat.addWebapp("/sales-post-sig-transient", new File(base, "signed-post-transient").toString());
@@ -91,6 +93,16 @@ public class TomcatSamlTest {
@Rule
public SamlAdapterTestStrategy testStrategy = new SamlAdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
+ @Test
+ public void testSavedPostRequest() throws Exception {
+ testStrategy.testSavedPostRequest();
+ }
+ @Test
+ public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
+ testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
+ }
+
+
@Test
public void testErrorHandling() throws Exception {
testStrategy.testErrorHandling();
diff --git a/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-input/META-INF/context.xml b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-input/META-INF/context.xml
new file mode 100755
index 0000000000..d16faafd19
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-input/META-INF/context.xml
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..9fbc22be05
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-input/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
new file mode 100755
index 0000000000..318bf6500e
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-input/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.InputServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /secured/*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
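Review bot: The servlet in this descriptor is still named `SendUsernameServlet` although the class listed next to it is `org.keycloak.testsuite.keycloaksaml.InputServlet`, which looks like a leftover from the sibling `simple-post2/WEB-INF/web.xml`. Renaming both occurrences to `InputServlet` would keep the file readable. The element names are not visible in this rendering, so this is read from the order of the values. The constraint here also covers only `/secured/*` while the servlet is mapped at `/*`, whereas `simple-post2` constrains `/*`. If that is deliberate so an unauthenticated form can post into the protected path, a short comment such as `<!-- only /secured/* is protected; the form page must stay reachable before login -->` would keep someone from widening or narrowing it by accident.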
diff --git a/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-post2/META-INF/context.xml b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-post2/META-INF/context.xml
new file mode 100755
index 0000000000..d16faafd19
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-post2/META-INF/context.xml
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000000..4644d6c71d
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-post2/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
new file mode 100755
index 0000000000..86db4a46a4
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/keycloak-saml/simple-post2/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+
+
+
+ adapter-test
+
+
+ SendUsernameServlet
+ org.keycloak.testsuite.keycloaksaml.SendUsernameServlet
+
+
+ SendUsernameServlet
+ /*
+
+
+
+
+ Users
+ /*
+
+
+ manager
+
+
+
+
+ BASIC
+ demo
+
+ /error.html
+ /error.html
+
+
+
+
+ manager
+
+
+ el-jefe
+
+
diff --git a/testsuite/tomcat8/src/test/resources/keycloak-saml/sp-metadata.xml b/testsuite/tomcat8/src/test/resources/keycloak-saml/sp-metadata.xml
index 8f143deb61..5eac6879d7 100755
--- a/testsuite/tomcat8/src/test/resources/keycloak-saml/sp-metadata.xml
+++ b/testsuite/tomcat8/src/test/resources/keycloak-saml/sp-metadata.xml
@@ -7,9 +7,9 @@
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
+
diff --git a/testsuite/tomcat8/src/test/resources/keycloak-saml/testsaml.json b/testsuite/tomcat8/src/test/resources/keycloak-saml/testsaml.json
index 04c5dcdf0f..71cde711a7 100755
--- a/testsuite/tomcat8/src/test/resources/keycloak-saml/testsaml.json
+++ b/testsuite/tomcat8/src/test/resources/keycloak-saml/testsaml.json
@@ -78,13 +78,45 @@
],
"attributes": {
"saml.authnstatement": "true",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post/saml",
"saml_idp_initiated_sso_url_name": "sales-post"
}
},
+ {
+ "name": "http://localhost:8082/sales-post2/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/sales-post2",
+ "redirectUris": [
+ "http://localhost:8082/sales-post2/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post2/saml",
+ "saml_idp_initiated_sso_url_name": "sales-post2",
+ "saml_idp_initiated_sso_relay_state": "redirectTo=/foo"
+ }
+ },
+ {
+ "name": "http://localhost:8082/input-portal/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8082/input-portal/",
+ "redirectUris": [
+ "http://localhost:8082/input-portal/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/input-portal/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/input-portal/saml"
+ }
+ },
{
"name": "http://localhost:8082/sales-post-sig/",
"enabled": true,
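Review bot: The only `saml_idp_initiated_sso_relay_state` value in this fixture is the same-application path `redirectTo=/foo` on the new `sales-post2` client, so a test built on it can only show that a well-formed relative target is followed. The adapter code that reads `redirectTo` is not in this hunk, so whether it refuses a value naming another host cannot be confirmed from here. Because the relay state reaches the service provider from outside on an IdP-initiated login, I would add a second client or test case whose relay state is not a path inside the application and assert that the adapter falls back to the base URL. Separately, `sales-post2` uses a `baseUrl` without a trailing slash while its `name` and the `input-portal` entry have one; picking one form would avoid surprises in URL comparisons.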
@@ -95,10 +127,10 @@
"http://localhost:8082/sales-post-sig/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -112,15 +144,15 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-transient",
- "adminUrl": "http://localhost:8082/sales-post-sig-transient",
+ "adminUrl": "http://localhost:8082/sales-post-sig-transient/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-transient/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-transient/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-transient/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -138,10 +170,10 @@
"http://localhost:8082/sales-post-sig-persistent/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-persistent/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-persistent/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -155,17 +187,17 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/sales-post-sig-email",
- "adminUrl": "http://localhost:8082/sales-post-sig-email",
+ "adminUrl": "http://localhost:8082/sales-post-sig-email/saml",
"redirectUris": [
"http://localhost:8082/sales-post-sig-email/*"
],
"attributes": {
"saml_force_name_id_format": "true",
"saml_name_id_format": "email",
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-sig-email/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-sig-email/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
@@ -179,7 +211,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-realm-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-realm-sales-post-sig/*"
],
@@ -196,7 +228,7 @@
"protocol": "saml",
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8082/bad-client-sales-post-sig/",
- "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/",
+ "adminUrl": "http://localhost:8082/bad-client-sales-post-sig/saml",
"redirectUris": [
"http://localhost:8082/bad-client-sales-post-sig/*"
],
@@ -217,10 +249,10 @@
"http://localhost:8082/sales-post-enc/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/sales-post-enc/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/sales-post-enc/saml",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA512",
"saml.client.signature": "true",
@@ -239,7 +271,7 @@
"redirectUris": [
"http://localhost:8082/employee-sig/*"
],
- "adminUrl": "http://localhost:8082/employee-sig/",
+ "adminUrl": "http://localhost:8082/employee-sig/saml",
"attributes": {
"saml.server.signature": "true",
"saml.client.signature": "true",
@@ -257,7 +289,7 @@
"redirectUris": [
"http://localhost:8082/employee/*"
],
- "adminUrl": "http://localhost:8082/employee/",
+ "adminUrl": "http://localhost:8082/employee/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -307,7 +339,7 @@
"redirectUris": [
"http://localhost:8082/employee2/*"
],
- "adminUrl": "http://localhost:8082/employee2/",
+ "adminUrl": "http://localhost:8082/employee2/saml",
"attributes": {
"saml.authnstatement": "true"
},
@@ -359,10 +391,10 @@
"http://localhost:8082/employee-sig-front/*"
],
"attributes": {
- "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/",
- "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/",
+ "saml_assertion_consumer_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_assertion_consumer_url_redirect": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8082/employee-sig-front/saml",
+ "saml_single_logout_service_url_redirect": "http://localhost:8082/employee-sig-front/saml",
"saml.server.signature": "true",
"saml.client.signature": "true",
"saml.signature.algorithm": "RSA_SHA1",